Disable WebDAV in AEM production publisher


Statement : How to disable WebDAV in an AEM publish instance (production)

Environment : AEM 6.1

Solution:

WebDAV should be disabled on the publish environment: it gives remote read/write access to the repository, which a production publisher does not need. This is done by stopping the two OSGi bundles that provide it.
1.     Connect to the Felix Management Console running on:
               http://<host>:<port>/system/console
               For example http://localhost:4503/system/console/bundles.
2.     In the list of bundles, find the bundle named:
§  Apache Sling Simple WebDAV Access to repositories (org.apache.sling.jcr.webdav)
§  Click the Stop button (in the Actions column) to stop this bundle.
3.     Again in the list of bundles, find the bundle named:
§  Apache Sling DavEx Access to repositories (org.apache.sling.jcr.davex)
§  Click the Stop button to stop this bundle.

Note:

A restart of AEM is not required. The OSGi framework persists the stopped state, so the bundles stay stopped across restarts; re-check them after upgrades or package installs that redeploy these bundles, since a reinstall can bring them back to Active.
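The same procedure driven from a script, as an added example (not code from the page or from Adobe): it sends the Felix console the same `action=stop` POST the Stop button sends, reads the bundle state back from the console's JSON view, and then confirms that the WebDAV mount points no longer advertise a `DAV:` header on OPTIONS. The base URL, the credentials and the endpoint paths `/crx/repository` (Simple WebDAV) and `/crx/server` (DavEx) are assumptions to adjust for your instance.

```python
"""Stop the Sling WebDAV bundles on a publish instance through the Felix Web
Console HTTP API and verify the result.  Added example, not Adobe's code.
Assumptions: console reachable at BASE with AUTH, and the default AEM
WebDAV mount points /crx/repository and /crx/server."""
import base64
import json
import sys
import urllib.error
import urllib.parse
import urllib.request

BASE = "http://localhost:4503"      # assumption: local publish instance
AUTH = ("admin", "admin")           # assumption: replace with a real admin account

WEBDAV_BUNDLES = (
    "org.apache.sling.jcr.webdav",  # Apache Sling Simple WebDAV Access to repositories
    "org.apache.sling.jcr.davex",   # Apache Sling DavEx Access to repositories
)
WEBDAV_PATHS = ("/crx/repository", "/crx/server")  # assumption: default mount points


def _auth_header():
    token = base64.b64encode(f"{AUTH[0]}:{AUTH[1]}".encode()).decode()
    return {"Authorization": f"Basic {token}"}


def stop_bundle(symbolic_name):
    """POST action=stop to /system/console/bundles/<symbolicName>,
    the request the console's Stop button issues."""
    data = urllib.parse.urlencode({"action": "stop"}).encode()
    req = urllib.request.Request(f"{BASE}/system/console/bundles/{symbolic_name}",
                                 data=data, headers=_auth_header(), method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.status


def fetch_bundle_json(symbolic_name):
    """GET the console's JSON view of one bundle."""
    req = urllib.request.Request(f"{BASE}/system/console/bundles/{symbolic_name}.json",
                                 headers=_auth_header())
    with urllib.request.urlopen(req) as resp:
        return resp.read().decode()


def bundle_state(console_json):
    """Return the 'state' of the single bundle in the console JSON
    ('data' is an array of bundle records), or None if it is not installed."""
    data = json.loads(console_json)["data"]
    return data[0]["state"] if data else None


def webdav_answering(status, headers):
    """A live WebDAV endpoint answers OPTIONS with 200 and a 'DAV:' header.
    Once the bundle is stopped, whatever answers the path no longer sends it."""
    if status != 200:
        return False
    return any(name.lower() == "dav" for name in headers)


def probe_options(path):
    """OPTIONS request against a mount point; returns (status, headers)."""
    req = urllib.request.Request(BASE + path, headers=_auth_header(), method="OPTIONS")
    try:
        with urllib.request.urlopen(req) as resp:
            return resp.status, dict(resp.headers)
    except urllib.error.HTTPError as err:
        return err.code, dict(err.headers)


if __name__ == "__main__":
    for name in WEBDAV_BUNDLES:
        stop_bundle(name)
        print(name, "->", bundle_state(fetch_bundle_json(name)))  # expect "Resolved"
    still_live = False
    for path in WEBDAV_PATHS:
        status, headers = probe_options(path)
        live = webdav_answering(status, headers)
        print(path, status, "still serving WebDAV" if live else "not serving WebDAV")
        still_live = still_live or live
    sys.exit(1 if still_live else 0)
```

Run it against the publisher after a deployment to make sure the bundles are still stopped; a non-zero exit means one of the mount points is still answering as a WebDAV server.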

How to prevent DoS misuse/attacks in AEM


Solution:

Control the selectors in your application: serve only the explicit selectors your pages need and return 404 for all others, so that arbitrary selector combinations cannot be used to drive expensive rendering paths.


Prevent the output of an unlimited number of content nodes.
§  Check the configuration of the default renderers, which can be a problem area.
In particular the JSON renderer can traverse the tree structure over multiple levels.
For example, the request: http://localhost:4502/.json
could dump the whole repository in a JSON representation, which would put significant load on the server.
For this reason Sling sets a limit on the maximum number of results.
To cap how much the JSON rendering returns, set the value of JSON Max results (json.maximumresults)
in the configuration for the Apache Sling GET Servlet. When this limit is exceeded the rendering is collapsed. The default value for Sling within CQ is 200.
§  As a preventive measure, disable the other default renderers (HTML, plain text, XML), again in the configuration of the Apache Sling GET Servlet.

CAUTION

Do not disable the JSON renderer; it is required for the normal operation of CQ.
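The two measures above in code, as an added example that is not part of the original page or of Adobe's or Sling's code: the first function builds the form fields that the Felix config manager accepts for the Apache Sling GET Servlet (the OSGi property names `enable.html`, `enable.txt`, `enable.xml`, `enable.json` and `json.maximumresults` are the servlet's real ones), keeping JSON on and the other renderers off; the rest is a selector allowlist that also refuses the repository-dump forms of the JSON request. It goes slightly beyond the page's `/.json` case by treating Sling's depth selectors (`.infinity.json`, `.-1.json`, `.N.json`) as tree dumps, which they are. The base URL, credentials, allowlist and depth limit are assumptions; the path parser is simplified and ignores suffixes.

```python
"""Harden the Apache Sling GET Servlet and enforce an explicit selector
allowlist.  Added example, not code from the page or from Adobe/Sling.
Property names are those of org.apache.sling.servlets.get.DefaultGetServlet;
BASE, credentials, the allowlist and MAX_DEPTH are assumptions."""
import base64
import re
import urllib.parse
import urllib.request

BASE = "http://localhost:4502"   # assumption: local instance
PID = "org.apache.sling.servlets.get.DefaultGetServlet"
MAX_DEPTH = 2                    # assumption: deepest .N.json rendering we tolerate
DEPTH_RE = re.compile(r"-?\d+")


def hardened_get_servlet_config(max_results=200):
    """Form fields for POST /system/console/configMgr/<PID>: JSON stays on
    (CQ needs it), HTML/plain-text/XML renderers off, result cap set."""
    props = {
        "enable.json": "true",
        "enable.html": "false",
        "enable.txt": "false",
        "enable.xml": "false",
        "json.maximumresults": str(max_results),
    }
    fields = {"apply": "true", "propertylist": ",".join(props)}
    fields.update(props)
    return fields


def apply_config(fields, user="admin", password="admin"):
    """Send the fields to the config manager, the same request the console's
    Save button makes.  Network call; only used from __main__."""
    token = base64.b64encode(f"{user}:{password}".encode()).decode()
    req = urllib.request.Request(
        f"{BASE}/system/console/configMgr/{PID}",
        data=urllib.parse.urlencode(fields).encode(),
        headers={"Authorization": f"Basic {token}"}, method="POST")
    with urllib.request.urlopen(req) as resp:
        return resp.status


def split_sling_request(path):
    """(resource_name, selectors, extension) of the last URL segment, e.g.
    /content/site/en.tidy.infinity.json -> ('en', ['tidy', 'infinity'], 'json').
    Simplified Sling URL decomposition: suffix and encoding are ignored."""
    segment = path.rsplit("/", 1)[-1]
    parts = segment.split(".")
    if len(parts) < 2:
        return segment, [], ""
    return parts[0], parts[1:-1], parts[-1]


def is_tree_dump(path, max_depth=MAX_DEPTH):
    """True for JSON requests that ask Sling to walk a subtree: 'infinity',
    a negative depth (also unlimited) or a depth above max_depth."""
    _, selectors, ext = split_sling_request(path)
    if ext != "json":
        return False
    for sel in selectors:
        if sel == "infinity":
            return True
        if DEPTH_RE.fullmatch(sel):
            depth = int(sel)
            if depth < 0 or depth > max_depth:
                return True
    return False


def decide(path, allowed_selectors, max_depth=MAX_DEPTH):
    """HTTP status to return: 200 only when every selector is explicitly
    allowed (or is a small numeric depth on a JSON request), else 404."""
    if is_tree_dump(path, max_depth):
        return 404
    _, selectors, ext = split_sling_request(path)
    for sel in selectors:
        if sel in allowed_selectors:
            continue
        if ext == "json" and sel.isdigit() and int(sel) <= max_depth:
            continue
        return 404
    return 200


if __name__ == "__main__":
    print(apply_config(hardened_get_servlet_config()))
    allowed = {"print"}          # assumption: the only selector this site serves
    for p in ("/content/site/en.html", "/content/site/en.print.html",
              "/content/site/en.feed.html", "/.json", "/content.tidy.infinity.json"):
        print(p, decide(p, allowed))
```

The decision function is the logic a request filter or dispatcher rule should implement; note that `/.json` itself passes the selector check (it has no selectors), which is why the `json.maximumresults` cap in the servlet configuration is still needed as the second layer.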

Prevent rapid repository growth caused by the Linkchecker in AEM 6.1


Environment : AEM 6.1

Solution :

§    The Linkchecker performs a large number of JCR writes/updates, causing CPU peaks and performance degradation, mainly because of the JCR locks these writes take.
§    To verify whether the repository growth is related to the Linkchecker, enable the TRACE log level for org.apache.jackrabbit.oak.jcr.operations.
§    Leave it enabled for a few minutes of write activity and check whether the majority of the writes are below /var/linkchecker. Then do not forget to disable the TRACE log level again: this logger records every session operation and is itself a load and disk-space risk if left on.
§    Where performance is compromised by this Linkchecker behaviour, it is recommended to disable the feature by following the steps below:
1. Delete /var/linkchecker (it will be recreated automatically).
2. In the OSGi configuration console, open Day CQ Link Checker Info Storage Service, deselect the "Save external link references" option and save.
Note:
Disabling this option does not automatically remove the existing referencedBy property values. To clear them, /var/linkchecker must be removed first (step 1 above).
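The verification step above, as an added example that is not part of the original page or of AEM/Oak: it summarises TRACE output of `org.apache.jackrabbit.oak.jcr.operations` by counting write operations per top-level path and reports the share that lands under /var/linkchecker. The log lines embedded in the script are constructed for this example and their exact layout is an assumption; the script relies only on the `.writes` logger name and the `operation(/path, ...)` shape of the message, so adjust the regular expression if your error.log differs.

```python
"""Decide whether Linkchecker writes dominate repository write traffic from
TRACE output of org.apache.jackrabbit.oak.jcr.operations.
Added example, not code from the page or from AEM/Oak.  SAMPLE_LOG is
constructed; its line layout is an assumption about the real error.log."""
import re
import sys
from collections import Counter

# Constructed sample of a few minutes of TRACE output (format assumed).
SAMPLE_LOG = """\
27.04.2016 10:12:33.101 *TRACE* [pool-7-thread-1] org.apache.jackrabbit.oak.jcr.operations.writes [session-19a2] setProperty(/var/linkchecker/http/www.example.com/page, lastAccessed)
27.04.2016 10:12:33.104 *TRACE* [0:0:0:0:0:0:0:1 [1461744753104] GET /content/site/en.html HTTP/1.1] org.apache.jackrabbit.oak.jcr.operations.reads [session-2c41] getNode(/content/site/en)
27.04.2016 10:12:33.120 *TRACE* [pool-7-thread-1] org.apache.jackrabbit.oak.jcr.operations.writes [session-19a2] addNode(/var/linkchecker/http/www.example.org, nt:unstructured)
27.04.2016 10:12:33.121 *TRACE* [pool-7-thread-1] org.apache.jackrabbit.oak.jcr.operations.writes [session-19a2] setProperty(/var/linkchecker/http/www.example.org, referencedBy)
27.04.2016 10:12:33.130 *TRACE* [pool-7-thread-1] org.apache.jackrabbit.oak.jcr.operations.writes [session-19a2] save()
27.04.2016 10:12:34.002 *TRACE* [pool-3-thread-2] org.apache.jackrabbit.oak.jcr.operations.writes [session-7b10] setProperty(/content/site/en/jcr:content, cq:lastModified)
27.04.2016 10:12:34.210 *TRACE* [pool-7-thread-1] org.apache.jackrabbit.oak.jcr.operations.writes [session-19a2] setProperty(/var/linkchecker/https/cdn.example.net/asset.css, lastAccessed)
27.04.2016 10:12:34.215 *TRACE* [pool-3-thread-2] org.apache.jackrabbit.oak.jcr.operations.reads [session-7b10] getProperty(/content/site/en/jcr:content, jcr:title)
27.04.2016 10:12:35.001 *TRACE* [pool-7-thread-1] org.apache.jackrabbit.oak.jcr.operations.writes [session-19a2] removeItem(/var/linkchecker/http/old.example.com)
27.04.2016 10:12:35.050 *TRACE* [pool-7-thread-1] org.apache.jackrabbit.oak.jcr.operations.writes [session-19a2] setProperty(/var/linkchecker/http/www.example.com/page, referencedBy)
27.04.2016 10:12:36.300 *TRACE* [pool-3-thread-2] org.apache.jackrabbit.oak.jcr.operations.writes [session-7b10] addNode(/content/site/en/new-page, cq:Page)
"""

LINKCHECKER_ROOT = "/var/linkchecker"

# A write operation that names a repository path: "<logger>.writes [session] op(/path..."
WRITE_RE = re.compile(
    r"org\.apache\.jackrabbit\.oak\.jcr\.operations\.writes\s+\[[^\]]*\]\s+"
    r"\w+\((/[^,)\s]*)")


def write_paths(log_text):
    """Repository paths touched by write operations, in log order.
    Lines without a path (e.g. save()) and read operations are skipped."""
    matches = (WRITE_RE.search(line) for line in log_text.splitlines())
    return [m.group(1) for m in matches if m]


def writes_by_prefix(paths, depth=2):
    """Count writes per path prefix of the given depth, e.g. /var/linkchecker."""
    counts = Counter()
    for path in paths:
        parts = path.strip("/").split("/")[:depth]
        counts["/" + "/".join(parts)] += 1
    return counts


def linkchecker_share(log_text):
    """Fraction of path-bearing writes that fall under /var/linkchecker."""
    paths = write_paths(log_text)
    if not paths:
        return 0.0
    under = sum(1 for p in paths
                if p == LINKCHECKER_ROOT or p.startswith(LINKCHECKER_ROOT + "/"))
    return under / len(paths)


def linkchecker_dominates(log_text, threshold=0.5):
    """True when more than `threshold` of the writes are Linkchecker writes,
    i.e. the 'majority of writes below /var/linkchecker' condition above."""
    return linkchecker_share(log_text) > threshold


if __name__ == "__main__":
    # Usage: python linkchecker_writes.py /path/to/error.log  (assumption: TRACE enabled)
    text = open(sys.argv[1], encoding="utf-8", errors="replace").read() if len(sys.argv) > 1 else SAMPLE_LOG
    for prefix, n in writes_by_prefix(write_paths(text)).most_common():
        print(f"{n:6d}  {prefix}")
    print(f"linkchecker share of writes: {linkchecker_share(text):.0%}")
    print("disable Linkchecker storage" if linkchecker_dominates(text) else "Linkchecker is not the main writer")
```

On the constructed sample, 6 of the 8 path-bearing writes are under /var/linkchecker (75%), which is the situation in which the two steps above apply; on a real instance, run it on the error.log captured while TRACE was enabled and then switch the logger back off.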